2 Answers
2

I believe that mod_qos is probably going to be the answer to your prayers. I can't provide any specific configuration or recommendations, because I've never actually used it, but it comes with all the knobs you're likely to need.

More generally, iptables is more than capable of handling this sort of thing itself, and it's a far better solution (do networky stuff at the networky level). This is especially true if you want to deal with other protocols as well as HTTP, or only want to apply the limits to a subset of connections.

Note, however, that connection limiting can be a real pain for legitimate users who just happen to be heavy users of the site, and it'll only slow down attackers that really aren't a concern anyway. Use with caution.